A newly discovered evasive malware uses the Secure Shell (SSH) cryptographic protocol to penetrate targeted systems for the purpose of mining cryptocurrencies and performing distributed denial-of-service (DDoS) attacks.

Dubbed KmsdBot by the Akamai Security Intelligence Response Team (SIRT), the Golang-based malware has been found targeting companies ranging from games to luxury car brands to security firms.

“Botnets infect systems over SSH connections that use weak login credentials,” said Akamai researcher Larry W. Cashdollar. “Malware does not remain permanently on infected systems as a way to avoid detection.”

The malware gets its name from an executable named ‘kmsd.exe’ that is downloaded from a remote server after a successful compromise. It is also designed to support multiple architectures such as Winx86, Arm64, mips64 and x86_64.

KmsdBot can perform scanning operations and download a list of username/password pairs to propagate itself. It can also control the mining process and update the malware.
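One way a defender could spot the SSH credential-guessing pattern described above in sshd logs, as an added example that is not from the article or from Akamai's report. The log lines, thresholds and the function name `find_guessed_logins` are constructed for illustration and assume the standard OpenSSH auth-log message format.

```python
import re
from collections import defaultdict

# Constructed sample sshd auth-log lines (documentation IP ranges, not real data).
SAMPLE_LOG = """\
Nov 14 03:12:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Nov 14 03:12:02 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Nov 14 03:12:03 host sshd[2105]: Failed password for invalid user ubuntu from 203.0.113.7 port 40144 ssh2
Nov 14 03:12:04 host sshd[2107]: Failed password for invalid user test from 203.0.113.7 port 40150 ssh2
Nov 14 03:12:05 host sshd[2109]: Accepted password for pi from 203.0.113.7 port 40161 ssh2
Nov 14 08:30:11 host sshd[3001]: Failed password for alice from 198.51.100.20 port 51500 ssh2
Nov 14 08:30:19 host sshd[3001]: Accepted password for alice from 198.51.100.20 port 51500 ssh2
Nov 14 09:00:00 host sshd[3050]: Accepted publickey for deploy from 192.0.2.10 port 60000 ssh2
"""

# Matches OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip>" lines.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_guessed_logins(log_text, min_failures=3, min_users=3):
    """Return [(ip, user, failures, distinct_users)] for password logins that
    succeeded after the same source failed against several different usernames."""
    failures = defaultdict(int)   # ip -> count of failed password attempts
    users = defaultdict(set)      # ip -> usernames tried unsuccessfully
    hits = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m or m["method"] != "password":
            continue  # key-based logins are not credential guessing
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            users[ip].add(m["user"])
        elif failures[ip] >= min_failures and len(users[ip]) >= min_users:
            hits.append((ip, m["user"], failures[ip], len(users[ip])))
    return hits

if __name__ == "__main__":
    for ip, user, n, u in find_guessed_logins(SAMPLE_LOG):
        print(f"{ip}: password login as {user!r} after {n} failures across {u} usernames")
```

Requiring failures across several distinct usernames separates list-driven guessing from a legitimate user who mistypes a password once, as the `alice` lines in the sample show.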


According to Akamai, the first confirmed target of the malware was FiveM, a multiplayer mod for Grand Theft Auto V that gives players access to custom roleplaying servers.

The DDoS attacks observed by the web infrastructure company include Layer 4 and Layer 7 attacks, in which a flood of TCP, UDP, or HTTP GET requests overwhelms the target server’s resources and hampers its ability to process and respond.


“This botnet is a great example of the complexity of security and how much it has evolved,” said Cashdollar. “What appears to have started as a gaming app bot has gone on to attack large luxury brands.”

Vulnerable software is increasingly being used in crypto miner deployments, jumping from 12% in Q1 2022 to 17% in Q3 2022, according to Kaspersky telemetry data. Nearly half (48%) of the malicious mining software samples analyzed secretly mined Monero (XMR).

“Interestingly, the most targeted country in Q3 2022 is Ethiopia (2.38%), where cryptocurrency use and mining is illegal,” the Russian cybersecurity firm said. “Kazakhstan (2.13%) and Uzbekistan (2.01%) follow in second and third place.”




Copyright ©️ All rights reserved. | Blue Training Academy Blog